N00B Q
So I hope you guys don't flame me for it, but what are the different types of firewalls, as in the different ways they work? For example:
the one in my univ works on the basis of certain letters or words in the URL, which it blocks internal access to. Are there different ways of doing the same thing?

Thanks in advance for any info provided.

March 7th, 2005, 12:57 PM

MrBabis

The primary functionality of firewalls is to block and filter incoming/outgoing traffic (packets).
1) software firewalls that you install on a local PC
2) server-based firewalls that are installed on servers
3) hardware firewalls, like a router with a built-in firewall
3.1) hardware firewalls, like a router with a built-in firewall and antivirus

Other add-ons like clearing cookies are just added modules; together they make a suite of software -> a few functions in one program set.

March 7th, 2005, 12:57 PM

pennconservativ

Re: types of fire walls

Quote:

Originally posted here by ark_templar N00B Q
So I hope you guys don't flame me for it, but what are the different types of firewalls, as in the different ways they work? For example:
the one in my univ works on the basis of certain letters or words in the URL, which it blocks internal access to. Are there different ways of doing the same thing?

Thanks in advance for any info provided.

If it's filtering based on content, then it's more than likely an application layer proxy, not technically a firewall. The terminology has become more than a little skewed as perimeter devices become more and more integrated, but traditional firewalls did not have the ability to make these kinds of decisions. Traditionally, firewalls work only on network layer information, such as IP addresses and ports. Today, though, people commonly refer to any device that filters at the perimeter as a firewall. There are basically as many types of these as there are layers in the OSI model. The only differentiation is the amount of the packet that is processed.

For example, it doesn't take long for a traditional firewall to process a packet up to the network layer and make a decision based on an IP address. It takes much more time for a packet to be processed to the application layer, its actual content, and have a decision made on the actual payload. The benefits are usually worth it, though. A network layer firewall can say "Don't allow this traffic in on port 81, because I'm only accepting web traffic on port 80." An application layer firewall can say "Don't allow this traffic in on port 80 because I only allow web traffic in, and the payload of this packet does not contain HTTP traffic."

Hope this helps.

March 7th, 2005, 01:23 PM

IKnowNot

It seems we are continuing to see more questions like this.

Though I am drunk (disclaimer here: I've been working on something else, AFTER working 12 hours), I am glad to see someone make the distinction between "firewall" and some type of filter ("proxy").

I hope pennconservativ's response makes as much sense when I'm sober as it does when I am drunk!

March 7th, 2005, 03:37 PM

cacosapo

Re: types of fire walls

Quote:

Originally posted here by ark_templar N00B Q
So I hope you guys don't flame me for it, but what are the different types of firewalls, as in the different ways they work? For example:
the one in my univ works on the basis of certain letters or words in the URL, which it blocks internal access to. Are there different ways of doing the same thing?

Stateful Inspection: examines and analyzes the entire packet for the purpose of determining what type of data is attempting to pass through the firewall.

Packet-Filtering: allows communications only with specific IPs by monitoring the packets.

***Note: Some firewalls combine several technologies to accomplish their goal. Why not build your own?

Cheers

March 8th, 2005, 05:21 AM

sec_ware

Hi

"Newbie Questions" often are fruitful, because they might force you to think about it once more, and more carefully. Some good statements have been made here already, but allow me to go through it myself. Cemetric's link, although I just scanned it, seems to be excellent.

The firewall is a type of gateway (in its broader sense), like a router, authentication server etc. Its function is to apply a set of predefined rules in order to allow, discard or redirect packets, or even repackage them.

There are (ordered by functionality):

- packet filters, on the network layer, which use access control lists. They are application-independent; they look at the header only, which makes them fast but gives low security, since they neither look at the content nor remember the state of the connection.

- proxy firewalls, which work on several layers: first of all, they break the direct connection (security measure!), and second, they also decide based on some kind of list.

- proxy firewall, circuit-level proxy: works on the network layer and decides based on header information only. However, due to the explicit breaking of the connection, the circuit-level proxy is more than just a packet filter.

- proxy firewall, application-level proxy: works up to the application level, since it also checks the content of the packet. Nevertheless, these are quite complicated to configure properly, since in-depth knowledge of the protocols is often needed.

- stateful firewalls[1], which can go up to the application layer and, in addition to checking header and data, also keep track of the state of the communication (CLOSED, LISTEN, SYN-SENT/RCVD, ESTABLISHED), even for UDP.

Not exactly sure where other people have pulled their firewalls from; however, if you plan on taking the CISSP exam, the following information will be most useful to you.
In order of generation/order developed:
1) Packet Filtering: A basic ACL firewall operating at the Network or Transport level.
2) Application Level: These are typically proxying firewalls and run in level seven of the OSI model. Circuit Level firewalls are a variation on the application level that maintains a virtual circuit between the client and the firewall server.
3) Stateful Inspection: These operate at the network level and analyze traffic at all OSI levels. By using a state table and operating at a lower level than the application firewalls, this firewall is able to offer better performance, a more complete scan of the packets and tracking of "connectionless" protocols like UDP and RCP based applications.
4) Dynamic Packet Filtering: a dynamic firewall that enables real-time rule changes, mostly used to provide UDP support. It remembers all UDP traffic for a short time and makes judgements (based on rules, of course) on what to and not to allow.
5) Kernel Proxy: a modular, kernel-based, multi-layer firewall that runs in the NT executive and utilizes dynamic and custom TCP/IP based stacks to inspect traffic and enforce applicable security policies.

Additionally you have new firewalls like Sidewinder G2 which uses multi-level labeling and strong typing to go along with its filtering.

Also you have "application firewalls"; this is different from "application level" firewalls. These "firewalls" do not filter network traffic and are more technically referred to as "sandboxes", though they do offer improved functionality over traditional sandboxes via advanced input and output filtering.

Lastly, there is no such thing as a "hardware firewall"; no reputable vendor uses this term. The correct term is "dedicated firewall" or "appliance firewall", because the firewall runs on a stripped-down system that is designed to be as minimalistic as possible and only function as one of the four firewall types (not application level, of course) listed above. Essentially, single-function systems like this which lack a general-purpose OS are called "appliances"; you wouldn't say "hardware webserver" (like bodacion HYDRA, for example), so why say "hardware firewall"?

cheers,

catch
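To make the tiers in pennconservativ's, sec_ware's and catch's posts concrete, here is an added example that is not code from the thread: a header-only packet filter, a stateful filter with a connection table, and an application-level check that the payload on port 80 is really HTTP, all run over the same constructed trace. The addresses, ports, flag strings and the one-rule policy are assumptions made for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class Packet:                 # constructed: just the header fields the filters look at
    src: str; sport: int; dst: str; dport: int
    flags: str = ""           # TCP flags: "S", "SA", "A", "PA"
    payload: bytes = b""

ACL = {("10.0.0.5", 80)}      # assumed policy: only web traffic to this server is wanted

def packet_filter(pkt):       # tier 1: header-only ACL, no memory of earlier packets
    return (pkt.dst, pkt.dport) in ACL

class StatefulFilter:         # tier 2: the ACL for new connections, plus a state table
    def __init__(self):
        self.table = {}       # (client, cport, server, sport) -> connection state
    def allow(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd not in self.table and rev not in self.table:   # CLOSED: nothing on record
            if pkt.flags == "S" and packet_filter(pkt):
                self.table[fwd] = "SYN-SENT"
                return True
            return False      # mid-stream segment without a handshake: dropped
        key = fwd if fwd in self.table else rev
        if self.table[key] == "SYN-SENT" and key == rev and pkt.flags == "SA":
            self.table[key] = "SYN-RCVD"
        elif self.table[key] == "SYN-RCVD" and key == fwd and pkt.flags == "A":
            self.table[key] = "ESTABLISHED"
        return True           # a tracked connection needs no ACL rule for its replies

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def application_filter(pkt): # tier 3: on port 80 the payload must really be an HTTP request
    if not pkt.payload:
        return True           # handshake segments carry nothing to judge
    line = pkt.payload.split(b"\r\n", 1)[0]
    return line.startswith(HTTP_METHODS) and line.endswith((b" HTTP/1.0", b" HTTP/1.1"))

def run_trace(trace):         # per-packet verdicts: (packet filter, stateful, application)
    sf = StatefulFilter()
    return [(packet_filter(p), sf.allow(p), application_filter(p)) for p in trace]

TRACE = [   # constructed: a normal handshake and request, then one unsolicited non-HTTP segment
    Packet("192.0.2.10", 40000, "10.0.0.5", 80, "S"),
    Packet("10.0.0.5", 80, "192.0.2.10", 40000, "SA"),
    Packet("192.0.2.10", 40000, "10.0.0.5", 80, "A"),
    Packet("192.0.2.10", 40000, "10.0.0.5", 80, "PA", b"GET / HTTP/1.1\r\nHost: www\r\n\r\n"),
    Packet("198.51.100.7", 5555, "10.0.0.5", 80, "PA", b"\x16\x03\x01\x00\x5a\x01"),
]
```

The verdicts show the trade-off the posts describe: the stateless filter drops the server's SYN-ACK (no rule covers replies) yet lets the unsolicited segment through because its header matches, the stateful filter gets both right from the state table alone, and only the application-level check notices that the last segment's payload is not HTTP at all.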

March 8th, 2005, 10:59 AM

modafar

"A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks. Basically, a firewall, working closely with a router program, filters all network packets to determine whether to forward them toward their destination. A firewall is often installed away from the rest of the network so that no incoming request can get directly at private network resources. There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and IP addresses. For mobile users, firewalls allow remote access in to the private network by the use of secure logon procedures and authentication certificates."
I hope that this is a helpful definition...